Keywords

Risk Disclosure, Risk Assessment, Risk Strategy, Integrated Reporting, Narrative Disclosure.

Introduction

The ever-changing world of corporate governance, integrated reporting requirements and improved risk strategy practices require management to stay up to date. Thus, institutions are presently executing risk strategy and reporting practices to stay relevant. The expanding integrated reporting prerequisites additionally put focus on institutions to report comprehensively.

In recent years, risk disclosure has been on the plan with expanding accentuation on integrated reporting to institutional stakeholders (Raemaekers et al., 2016; Hughen et al., 2014). COSO (2016) and Lord IV (2016) concur that institutions ought to give stakeholders a sensible assumption that they can evaluate and investigate material risks related to the strategy. Similarly, risk strategy best practice is significant for diminishing institutional collapse and improving risk strategy implementation and disclosure (Solomon et al., 2000). COSO (2016) further ague that "risk is the possibility that events will occur and affect the achievement of strategy and business objectives".

Before the year 2000, risk disclosure depended on the attentiveness of the individual institution (ICAEW, 1997). Turnbull (1999) guidance endeavoured to present a framework on risk exposure. The framework has never been tried by scholastics. It required looking over the views of stakeholders on the ampleness of the risk disclosure and if more risk disclosure was required (McCrae & Balthazor, 2000). An examination by Solomon et al. (2000) endeavoured to address a portion of the issues referenced by looking over stakeholder insights to set up a connection between risk reporting perspectives. Moreover, the Financial Accounting Standard Board (FASB) (2012) educated on exposure regarding risk to financial instruments, and the manners by which institutions deal with these risks is fundamental to decision-making.

Reflectively, South Africa has taken the lead to be the first country to promulgate the requirements for listed companies to prepare integrated reports and explain non-compliance (King III, 2012; Integrated Reporting Committee of South Africa (IRCSA), 2011). Following the risk reporting issue raised by Solomon et al. (2000) and Moloi (2016b), it was noticed that South African Universities did not address risk disclosure in their reports. There was likewise proof that there was an extreme deviation in risk disclosure (Moloi, 2016b). Moloi (2016a) suggests risks in universities includes planning and strategy risk, administration risk, institutional risk, scholastic risk, research risk, student risks, Graduates risks and community risk. Of concern is the "absence of a holistic risk management practice in general circles of universities" (Moloi, 2016a). Coetzee & Lubbe (2013) caution that university risk management is one of the principal worries that sought to be rooted to guarantee an effective risk strategy. Furthermore, a few university report risk strategy as part of notes to financial statements while others report on risk strategy under the performance reports (Moloi, 2016b). All around the world, Figueroa (2016) discovered an absence of observational assessment inside the literature on risk strategy that there are gaps in executing and reporting risk strategy in universities - extreme contrasting approaches to deal with risk strategy in universities. Accordingly, the aim of the article was to examine whether university managers and academics agree on what the university reports ought to reveal with respects to risk strategy. The research seeks to answer the following core research question:

What are the views of university managers and accounting academics on the risk strategy principles to be implemented and disclosed by South African universities? In answering the research question, the article seeks to achieve the following specific research objectives:

1. To examine the views of university managers and accounting academics on the importance of risk strategy implementation and disclosure by South African universities.

2. To examine views of university managers and academics on implementing and disclosing the consideration of potential effects of university context on risk profile.

3. To scrutinize the opinions of university managers and academics on implementing and disclosure of risk appetite in creating, preserving and realising value.

4. To analyse insights of university managers and academics on implementing and disclosing the university evaluation of alternative strategies and their impact on risk profiles.

5. To scrutinize the opinions of university managers and academics on implementing and disclosing whether the institution considers risk while establishing the university objectives at various levels that align and support strategy.

In previous studies on risk strategy in academic institutions, emphasise was placed on the use of content analysis of the annual reports. Also, emphasise was placed on whether risk strategy was disclosed or not in the annual report of the academic institution. The article takes a new direction by obtaining views of key university stakeholders on what needs to be implemented or disclosed by universities- this is achieved by adopting a survey research design. The findings of this research can assist accounting or risk practitioners and assurance service providers to improve on risk strategy implementation and disclosure for universities.

Consequently, the unit of analysis for the article include 26 South African universities and the sampling frame include university managers and accounting academics.

Literature Review

The advances made by the insurance industry can ascribe to the most recent risk strategy practices (Crockford, 1982; Harrington & Neihaus, 2003; Dionne, 2013). King III (2009) characterize risk strategy as a practice to identify and analyze the risks to the institution. IFAC (2018) alludes to the university risk strategies associated with Enterprise risk management (ERM). Furthermore, IFAC (2018) note to different components of institutional risks, for example, (a) identification of risk and controls related to risk, (b) assessing the effects of risk on financial statements and various assertions, (c) relationship and (d) to the likelihood and possibility of multiple misstatements. Assurance service providers can likewise assess the probability of the risk occurring during the institution's risk strategy appraisal.

Also, risk strategy incorporates the university's strategic plan toward setting procedure and institutional objectives. With a comprehension of the institutional setting, the institution can gain insight into internal and external factors and their impact on risk. Along these lines, an institution sets its risk appetite related to strategy (COSO, 2016). The university's strategy and objectives shape the university's everyday tasks and needs.

The university recognizes and assesses risks that may influence an institution's capacity to accomplish a viable risk strategy (COSO, 2016). It focuses on risks as per their seriousness and thinks about the university's risk appetite. The institution selects risk responses and monitors performance for a change. Along these lines, the university builds up a portfolio perspective on the measure of risk pursuit of its strategy and institutional objectives.

The article noticed that South Africa has started to lead the integrated reporting. IRCSA (2011) characterizes an integrated report as a "report to stakeholders on the system, execution and exercises of the university in a way that permits stakeholders to assess the capacity of the university to make and support value in the short-, medium and long haul".

Conversely, for IR (2021) and De Villiers et al. (2017), an integrated report sought to clarify the variables that influence the institution's capacity to create value over the long run. What's more, zeroing in on the centre issue energizes significant and sensible reports that assist in decision-making.

Moreover, IoDSA (2016) states that integrated reporting mix various leadership obligations regarding individuals responsible for strategy. Management obligations incorporate hierarchical bearing, endorsement of strategies and arranging, the council oversight and management responsibility for execution. IIRC (2015) note the advantages of integrated reporting - improving how institutions think; plan and report the activities; assisting institutions to be mindful of their system and plans; settling on educated choices in overseeing key risks and invigorating stakeholder certainty. For DHET (2014), suggested practices of risk reporting incorporate, among others, the risk assessment procedure, disclosure on the degree of risk and opportunities the institution will take.

The risk disclosure part of this article alluded to "narrative disclosure" (Churet & Eccles, 2014; Smith & Taffler, 2000). Schipper (1991) additionally contends that narrative disclosure is significant for users of reports to settle on educated choices on performance and worth sustainability of the university. Subsequently, research upholds a connection between "narrative disclosure" and risk to financial failure (Smith & Taffler, 1995). Conversely, narrative disclosure alone can't give stakeholders a total record of how a university creates and supports value (IRCSA, 2011). Given the weakness of select "narrative disclosure", IIRC (2011) and IRCSA (2011) prompt on the significance or interconnection among monetary and non-monetary measures.

Consequently, risk strategy disclosure is a vital piece of integrated reporting to reasonably assure the university develops and supports growth. The risk strategy principles form part of the survey of this article. Thought was given to King IV's (2016) risk governance, COSO (2016) and ISO (2018) risk assessment elements.

Research Design and Methods

The empirical research of this article adopted a survey research design. Yin (2009) defines a research design as a blueprint to execute the study. As such, the target population for the empirical research included 26 universities in South Africa. The unit of analysis consists of key stakeholders in South African universities. A purposive sampling strategy was followed to extract university managers and academics in the Departments of Accounting, totalling 104 respondents in the two groups. Etikan et al. (2016); Patton (2002) argues that the logic and power of purposeful sampling lie in selecting information-rich cases for in-depth study. Information-rich cases are those cases from which one can learn a great deal about issues of central importance to the purpose of the research. Purposive sampling is a Nonprobability sampling used when the researcher does not aim to generate results used to generalise about the entire population (Etikan & Alkassim, 2016). The purposive sample is relevant for the research due to its advantage of selecting information-rich respondents who develop the risk strategy practices (accounting academics) and practitioners (managers).

The final realised sample includes 52 respondents in total, all of the 52 questionnaires were analysed- equal to a 50% response rate. Baruch (1999) argue that there is no norm for the response rate in academic studies. Recently, the prevailing stressful competitive working environment-respondents have less time and energy to complete a questionnaire (Cooper & Payne, 1988). Of concern is when the study involves executive managers of an institution as respondents (Baruch, 1999). Denison & Mishra (1995) justify a 21% response rate for studies involving executive managers as respondents; Henderson (1990) agrees to a response rate of 20%-30%.

Another issue to consider when determining the response rate are spoilt questionnaires. In research by Chia (1995), Fifty-one out of a hundred respondents returned their questionnaires. In addition, 9 of the Fifty-one questionnaires were incomplete-resulting in 42% of the response rate. Also, consideration of the mode of disseminating questionnaires is crucial to the response rate. In a study by Anderson & Berdie (1975), questionnaires mailed to executive managers; the response rate was 19.7%. On the contrary, a factor limiting the physical distribution of questionnaires could be the geographical spread of the respondents- this makes it difficult to visit every respondent.

Baruch (1999) considers the following when accepting the response rate: the proportion of the usable questionnaires, type of the target population and unit of analysis; is the questionnaire survey compulsory to complete if not; the researcher cannot reasonably coerce the respondent to complete the questionnaire survey. However, there is a distinction to studies towards executive managers, middle managers and specialists in the institution- a norm of 36%+ is fair (Baruch, 1999).

This study follows a quantitative research approach based on a survey, which consists of a pre-tested questionnaire. The questionnaire survey was completed by university management and academics over a period of 12 months. Follow-ups were done every month to the respondents who did not return their questionnaires. The questionnaire survey included a five-point Likert scale questionnaire of five risk strategy principles. The risk strategy principles for this research are from literature, and each of the five risk strategy principles required the respondents to indicate on a scale of (1 strongly disagrees) towards (5 strongly agrees). The respondents indicate on a Likert scale which principles should be implemented or disclosed in university annual reports (see Annexure A). The questionnaire survey also includes the demographics of the respondents, rank in the university and number of years. Hammer (2011) note the importance of describing the demographic characteristics of participants when presenting findings in journal articles. Demographics allows readers and researchers to determine to whom research findings emanate and facilitate easy replications of studies (Bein, 2009). The Cronbach’s alpha is 0.963 for all of the five risk strategy principles. According to Maree (2007), internal reliability refers to a measure or an instrument consistency, and researchers can ensure reliability by using various respondents when gathering data.

Ethical norms were considered when administering the questionnaire and includes: reminding participants that consent to participate in the study is voluntary and, respondents are free to withdraw their participation anytime; no incentives were used to coerce respondents to participate in the research; confidentiality of respondents is maintained throughout the study; no institution is mentioned by name, only aggregates were used to report the results of the research (Diener & Crandal, 1978).

Results and Findings

The purpose of the survey was to address the research objectives of this article. In addition, this research aimed to examine whether university managers and academics agree on what the university reports ought to reveal concerning risk strategy.

Analysis of Respondent’s Demographics

The demographic of the respondent determines the rank and the number of years in the rank. Firstly, the respondents in this questionnaire mentioned their rank in the university based on the job title. The purpose of this demographic was to determine the respondent’s risk responsibility in the university. The sample consisted of 52 respondents, 58% are academics (n= 30) and 42% are university management (n=22). Figure 1 below shows the percentage of respondents in each rank (job title). A 38.5% of the respondents are Accounting Lecturers; the balance of the respondents diversely distributed across Vice-Chancellors (5.8%), Associate Professor (1.9%), Chief Financial Officers (7.7%), 2 Deans (3.8%), Head of Departments (9.6%) Chief Audit Executive (1.9%), Rectors (3.8%), Project Manager (1.9%), Senior Lecturers (17.3%), Chief Risk Officer (7.7%).

Secondly, the questionnaire responses indicated the number of years in the rank of the university. The purpose of this demographic was to determine cumulative years of experience the respondent spent working for the institution in the current rank (job title). Figure 2 below shows the percentage of the respondent number of years (level of experience) in the current rank. Figure 1 below shows the percentage of respondents in each rank. A 38.5% of the respondents have working experience of between 1 to 5 years. The rest of the respondents are diversely distributed 19.2% (11 to 15 years), 15.4% (6 to 10 years), 13.5 % (6 to 20 years), 11.5% (21 to 25 years), 1.9% more than 30 years.

Analsis of Descriptive Statistics

The results of the descriptive statistics are based on the survey responses of risk strategy and objective setting principles for university stakeholders. The analysis of the data was done using SPSS 22. Table 1 shows the descriptive statistics based on principles relating to risk, strategy and objective setting for the universities. The descriptive statistics (mean and standard deviation) for risk strategy principles reveal of (M = 4.05, SD = 0.947). The results suggest a positive perception of risk strategy and objective setting amongst stakeholders of the universities.

Table1 Descriptive Statistics of Principles on Risk, Strategy and Objective Setting
C2.          Risk, Strategy and Objective Setting are Important for a HEI.
			Frequency (n)	Percent (%)
Mean ? 4.65	Standard Deviation  ? 0.711	Strongly disagree	1	1.9
		Undecided	1	1.9
		Agree	12	23.1
		Strongly agree	38	73.1
		Total	52	100.0
C2.1       The institution considers potential effects of business context on risk profile.
			Frequency (n)	Percent (%)
Mean ? 3.94	Standard Deviation   ? 0.998	Disagree	5	9.6
		Undecided	12	23.1
		Agree	16	30.8
		Strongly agree	19	36.5
		Total	52	100.0
C2.2       The institution defines risk appetite in the context of creating, preserving, and realizing value.
			Frequency (n)	Percent (%)
Mean   ? 3.75	Standard Deviation   ? 1.007	Disagree	8	15.4
		Undecided	10	19.2
		Agree	21	40.4
		Strongly agree	13	25.0
		Total	52	100.0
C2.3       The institution evaluates alternative strategies and impact on risk profile.
			Frequency (n)	Percent (%)
Mean ? 3.94	Standard Deviation ? 1.037	Disagree	6	11.5
		Undecided	11	21.2
		Agree	15	28.8
		Strongly agree	20	38.5
		Total	52	100.0
C2.4       The institution considers risk while establishing the business objectives at various levels that align and support strategy.
			Frequency (n)	Percent (%)
Mean ? 3.98	Standard Deviation ? .980	Disagree	5	9.6
		Undecided	10	19.2
		Agree	18	34.6
		Strongly agree	19	36.5
		Total	52	100.0

The descriptive statistics for the risk strategy principles (see table 1) suggested that thirty-eight (73.1%) of the university stakeholders strongly agree on both implementation and disclosure of risk, strategy and objective setting importance for HEIs (M = 4.65, SD = 0.711), 1(1.9%) strongly disagree. Nineteen (36.5%) of university stakeholders strongly agree on both implementation and disclosure of the institution considering potential effects of business context on risk profile; (M= 3.94, SD = 0.998), 5 (9.6%) disagree. Twenty-one (40.4%) of the university stakeholders agree on implementation by defining risk appetite in the context of creating, preserving, and realizing value (M = 3.75, SD = 1.007), 8 (15.4%) disagree. Twenty (38.5%) of the university stakeholders strongly agree on both implementation and disclosure on the institution evaluation of alternative risk strategies and their impact on risk profile (M = 3.94, SD = 1.037), 6 (11.5%) disagree. Nineteen (36.5%) of the university stakeholders strongly agree on the implementation and disclosure of the institution consideration of risk while establishing the business objectives at various levels that align and support strategy (M = 3.98, SD = 0.980), 5 (9.6%) disagree.

Discussion and Conclusion

This study examined risk strategy, implementation and reporting based on views of university key stakeholders. To our knowledge, the findings of this research can assist accounting or risk practitioners and assurance service providers to improve on risk strategy implementation and disclosure for universities. The research question for this article was, what are the views of university managers and accounting academics on the risk strategy principles to be implemented and disclosed by South African universities? In answering the research question, five research objectives are developed (see the introduction section of this article) and tested using descriptive statistics such as the mean =, the standard deviation = and frequencies. Also, demographics questions on the rank (job title) and the number of years in the rank determined the level and experience of the respondent.

Summary of the Findings

The overall analysis of the results in Table 1 suggest a positive perception of risk strategy and objective setting amongst stakeholders of the universities –an overall mean score of 4.05 (SD = 0.947). Also, the results suggest a very low negative perception-disagreement on implementation and disclosure of all the principles. The disagreement could indicate that very few university stakeholders lack risk strategy awareness. In addition, the results on the demographics of the respondents suggest a diverse representation of skills and working experience. The researchers view some institution senior management positions are performance-based on a five-year turnaround. Hence most of the respondents have working experience between 1 to 5 years.

Research objective 1 examine the views of university stakeholders on the importance of risk strategy disclosure for universities. The results suggest (73.1%) of university stakeholders strongly agree on both implementation and disclosure of risk, strategy and objective setting importance in university annual reports (M= 4.65, SD = 0.711). Solomon, Solomon, Norton and Joseph (2000) agree that risk strategy best practice is crucial for the institution to avoid failure and improves risk strategy practice. Also, risk strategy disclosure is a vital piece of integrated reporting (King IV, 2016). Risk strategy is indispensable.

Research objective 2 examine the views of university stakeholders on the disclosure of risk profile for the university. A strong agreement exists amongst university stakeholders (36.5%) on both implementation and disclosure of institution consideration on risk profile (M = 3.94, SD = 0.998). An institutional strategic plan incorporates risk strategy toward setting procedure and institutional objectives (COSO, 2016). DHET (2014) suggest practices of risk reporting to incorporate, among others, the risk assessment procedure, disclosure on the degree of risk and opportunities the institution will take.

Research objective 3 examine the views of university stakeholders on disclosure of risk appetite and university value creation. University stakeholders (40.4%) agree to implement by defining the institution's risk appetite in the context of creating, preserving (M= 3.75, SD = 1.007). COSO (2016) note that the institution sets its risk appetite related to strategy and objectives to shape the university's everyday tasks and needs. IR (2021) and De Villiers, Pei-Chi and Maroun (2017) argue integrated report ought to clarify the variables that influence the institution's capacity to create value over the long run. IRCSA (2011) agree that risk disclosure permits stakeholders to assess the capacity of the university to create and support value in the short, medium and long term. On the same, Schipper (1991) also notes the importance of Narrative disclosure in decision-making about the performance, strategy and value sustainability.

Research objective 4 analyse insights of university stakeholders on disclosing the university evaluation of alternative risk strategies and their impact on risk profiles. University stakeholders (38.5%) strongly agree with both implementation and disclosure of the institution evaluation of alternative strategies and their impact on risk profile (M = 3.94, SD = 1.037). The institution gains alternative insight into internal and external factors and their impact on risk strategy. Risk strategy disclosure allows institutions to provide risk reviews in their annual reports (Miihkinen, 2012).

Research objective 5: scrutinize the opinions of university stakeholders on disclosing whether the institution considers risk while establishing the university objectives at various levels that align and support strategy. University stakeholders (36.5%) strongly agree on both implementation and disclosure of the institution consideration of risks while establishing the business objectives at various levels that align and support strategy (M = 3.98, SD = 0.980). Risk strategy is the responsibility of everyone in an institution, however, the degree of responsibility differs accordingly. IoDSA (2016) states that integrated reporting combines numerous leadership responsibilities for those charged with risk strategy. IIRC (2015) notes that the benefits of integrated reporting include enhancing the way institutions think, plan and report the activities of their businesses. The literature review of this article concurs with the finding that risk strategy and objective setting are inseparable and also viewed as important in integrated reporting.

Conclusion, Limitations and Future Research

A conclusion can be drawn depending on the descriptive statistics, results and discussion. By and large, results proposed undeniable high degrees of risk awareness on implementation and disclosure by university stakeholders. Accordingly, the researchers see an appropriately executed risk strategy that could add value in accomplishing institutional objectives. Moreover, institutional stakeholders play a significant part in the implementation and disclosure of the risk strategy, each with explicit responsibility. What's more, Bui and De Villiers (2017) takes note that, risk strategy practices need infusion with institutional strategy. Furthermore, the results showed another view on risk strategy practice for universities. University stakeholders strongly agree on mandatory implementation and disclosure of risk strategy principles by universities. Exception is made to one risk strategy (C2.2 The institution defines risk appetite in the context of creating, preserving, and realizing value). Although university stakeholders agree on implementation of this principle, however disclosure on annual reports is at the discretion of the university. Execution of university stakeholder views could advance the risk practice for the universities.

On the other hand, the researchers note less operationalisation of risk strategy by HEIs (see the introduction section of this article). In response, developing a risk strategy scorecard can invigorate a risk mindfulness culture and serve as a risk strategy benchmarking instrument for HEIs- this requires further research. Additionally, research of evaluating university integrated reports utilizing content analysis can be essential to furnish a picture of what is disclosed by the reports in relation to risk strategy.

Moreover, it is irrefutable that HEIs are required to issue an integrated report. What the report contains vary, in any case, risk strategy disclosure is included in the integrated report and can likewise include a statement on risk governance (narrative disclosure). Also, the narrative disclosure can describe the responsibility of the Audit Committee with regards to risk strategy. Again, the nature and substance of the narrative disclosure is the discretion of the HEI. However, PwC (2007) warns that repetition of content in the annual report may impact the quality of the integrated report.

This article further notes the limitation to generalize findings due to the size of the sample. In response, the study is not primarily to generalize findings but to provide feedback on the university stakeholder views of the implementation and disclosure of risk strategy principles in South African universities. There are 26 universities in South Africa, this article view such as a factor in the sample size also, given that the sampling frame consists of university managers and accounting academics.

Annexure A: Research questionnaire on risk strategy principles

Questionnaire

The purpose of the questionnaire is to obtain participants perceptions of risk strategy to be disclosed in reports of South African Universities. The questionnaire consists of five point Likert scale questions on each risk strategy principle. The confidentiality of the participant is guaranteed and no university will be mentioned by name in the report/thesis. The questionnaire will take 10-15 minutes of your time.

Score	Rating	Zone	Explanation
1	Strongly disagree	Negative	The principle should not by any chance be implemented by the university and should not by any chance disclose its effect on the university’s annual integrated report.
2	Disagree	Negative	The principle should not be implemented by the university however, it should only be implemented if its omission will render an ineffective risk strategy and objective setting climate.
3	Neutral	Neutral	It is optional to implement the principle and disclose only if its materiality will prejudice the reliability of the university’s annual integrated report.
4	Agree	Positive	It is mandatory for the university to implement the principle however; it is optional to disclose the effect of the principle on the university’s annual integrated report.
5	Strongly agree	Positive	It is mandatory for the university to implement the principle and also mandatory to disclose the effect of the principle on the university’s annual integrated report.

Section A: Please exercise your choice by marking in the tick box on the ranking scale that best indicates the extent to which you agree or disagree with the statement.

Section B: Included below are Likert-scale response categories that will guide you to complete the Questionnaire by simply giving marks from 1 to 5.

Section C: Below is a Likert-scale on risk strategy principles.

References

1. Asamoah, M.K. (2014). Re-examination of the limitations associated with correlational research. Journal of Educational Research and Reviews, 2(4), 45-52.
2. Baruch, Y. (1999). Response rate in academic studies-A comparative analysis. Human relations, 52(4), 421-438.
3. Bui, B., & De Villiers, C. (2017). Business strategies and management accounting in response to climate change risk exposure and regulatory uncertainty. The British Accounting Review, 49(1), 4-24.
4. Churet, C., & Eccles, R.G. (2014). Integrated reporting, quality of management, and financial performance. Journal of Applied Corporate Finance, 26(1), 56-64.
5. Coetzee, G.P., & Lubbe, D. (2013). The risk maturity of South African private and public sector organisations. Southern African Journal of Accountability and Auditing Research, 14(1), 45-56.
6. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2013). Internal control integrated framework: executive summary.
7. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2016). Enterprise risk management: aligning risk with strategy and performance.https://www.coso.org/Documents/COSO-ERM-draft-Post-Exposure-Version.pdf. Date of access: 20 Jun. 2018.
8. Crockford, G.N. (1982). The bibliography and history of risk management: Some preliminary observations. Geneva Papers on Risk and Insurance: 169-179.
9. De Villiers, C., Pei-Chi, K.H., & Maroun, W. (2017). Developing a conceptual model of influences around integrated reporting, new insights and directions for future research. Meditari Accountancy Research, 25(4), 450-460.
10. Dionne, G. (2013). Risk management: History, definition, and critique. Risk Management and Insurance Review, 16(2), 147-166.
11. Etikan, I., Musa, S.A., & Alkassim, R.S. (2016). Comparison of convenience sampling and purposive sampling. American journal of theoretical and applied statistics, 5(1), 1-4.
12. Figueroa, F.A. (2016). An alternative university enterprise risk management framework. University risk management and insurance (URMIA) Journal, 20, 77-87.
13. Financial Accounting Standards Board (FASB). (2012). Disclosures about liquidity risk and interest rate risk (Topic 825). Financial Accounting Standards Board. N.p. _http://www.fasb.org/_. Date of access: 30 June 2018.
14. Harrington, S., & Niehaus, G. (2003). United grain growers: enterprise risk management and weather risk. Risk Management and Insurance Review, 6(2), 193-208.
15. Hughen, L., Lulseged, A., & Upton, D.R. (2014). Improving stakeholder value through sustainability and integrated reporting. The CPA Journal, 84(3), 57.
16. ICAEW (Institute of Chartered Accountants in England & Wales). (1997). Financial reporting of risk: Proposals for a statement of business risk. London: ICAEW.
17. IFAC (International Federation of Accountants). (2018). ISA 315: Identifying and assessing the risks of material misstatement through understanding the entity and its environment. SAICA student handbook. Johannesburg, South Africa: SAICA.
18. IR (Integrated reporting). (2021). International Integrated Reporting Framework. https://integratedreporting.org/resource/international-ir-framework/ Date of access: 31 March 2021.
19. Integrated Reporting Committee of South Africa (IRCSA). (2011). Framework for integrated reporting and the integrated report. Cape Town: SAICA.
20. ISO (International Organization for Standardization). (2018). ISO: 31000:2018 (En) Risk management- guidelines. http://iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en Date of access: 12 May 2020.
21. Kim, T.K. (2015). T test as a parametric statistic. Korean Journal of Anesthesiology, 68(6), 540.
22. King III (King Committee on Corporate Governance). (2012). King IV code on corporate governance for South Africa. Sandton: Institute of Directors of Southern Africa
23. King IV (King Committee on Corporate Governance). (2016). King IV code on corporate governance for South Africa. Sandton: Institute of Directors of Southern Africa.
24. McCrae, M., & Balthazor, L. (2000). Integrating risk management into corporate governance: The Turnbull guidance. Risk Management, 2(3), 35-45.
25. Moloi, T. (2016a). Exploring risks identified, managed and disclosed by South Africa’s public higher education institutions (HEIs). Journal of Accounting and Management, 6(2), 55-70.
26. Moloi, T. (2016b). Governance of risks in South Africa’s public higher education. Investment Management and Financial Innovations, 13(2), 226-234.
27. Patton, M.Q. (2002). Qualitative Research and evaluation methods.3dr Ed. Thousand oaks, CA: Sage.
28. Qanga, E.J. (2016). Perceptions on risk management at Walter Sisulu University. Port Elizabeth: Nelson Mandela Metropolitan University. (Dissertation – MTech).
29. Raemaekers, K., Maroun, W., & Padia, N. (2016). Risk disclosures by South African listed companies post-King III. South African Journal of Accounting Research, 30(1), 41-60.
30. Schipper, K. (1991). Commentary on analysts' forecasts. Accounting Horizons, 5, 105-121.
31. Smith, M., & Taffler, R. (1995). The Incremental Effect of Narrative Accounting Information in Corporate Annual Reports, Journal of Business Finance and Accounting, 22(8), 1195–210.
32. Smith, M., & Taffler, R.J. (2000). The chairman’s statement?A content analysis of discretionary narrative disclosures. Accounting, Auditing & Accountability Journal, 13(5), 624-647
33. Solomon, J.F., Solomon, A., Norton, S.D., & Joseph, N.L. (2000). A conceptual framework for corporate risk disclosure emerging from the agenda for corporate governance reform. The British Accounting Review, 32(4), 447-478.
34. Turnbull Report. (1999). Internal control: Guidance for directors on the combined code, The Institute of Chartered Accountants in England & Wales, September.
35. Williams, A., & Heins, M.H. (1995). Risk management and Insurance. New York: McGraw-Hill.
36. Yin, R. (2009). Case study research: Design and methods. 4th ed. USA: Sage.